qemu-ppc
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-ppc] MorphOS 4.x on QEMU

From: BALATON Zoltan
Subject: [Qemu-ppc] MorphOS 4.x on QEMU
Date: Tue, 25 Feb 2014 03:45:25 +0100 (CET)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14) 
Hello,

On Sat, 1 Feb 2014, Mark Cave-Ayland wrote:
FWIW I do have a MorphOS image in my OpenBIOS test suite which I run as part of the release process from time to time, although of course it never seems to get further than the bootloader. Last time I spent some time checking this in detail, it seemed to get stuck in an infinite loop whilst traversing the firmware tree but it's been a while since I started digging any deeper into this.
I've tried to debug it a bit further and I got to a point where I think I understand what is happening but I don't know why and how it could be fixed. Any ideas are welcome. I hope someone can help to get further with this. Here are the details: I'm using the freely downloadable demo morphos-3.4.iso and ran it with: 

qemu-system-ppc -M mac99 -cdrom morphos-3.4.iso -boot d -net none \
-prom-env 'auto-boot?=false' -d in_asm,int,ioport,unimp,guest_errors

to get some idea what is it doing. Then start the boot manually by:

0> boot cd:,\mac_ppc32\boot.img
It loads and run but gets stuck just after it has strated because the first thing it does is this: 

0x00400000:  stwu    r1,-304(r1)
0x00400004:  mflr    r0
0x00400008:  mfcr    r12
0x0040000c:  stw     r15,236(r1)
0x00400010:  stw     r16,240(r1)
0x00400014:  stw     r17,244(r1)
0x00400018:  stw     r18,248(r1)
0x0040001c:  stw     r19,252(r1)
0x00400020:  stw     r20,256(r1)
0x00400024:  stw     r21,260(r1)
0x00400028:  stw     r22,264(r1)
0x0040002c:  stw     r23,268(r1)
0x00400030:  stw     r24,272(r1)
0x00400034:  stw     r25,276(r1)
0x00400038:  stw     r26,280(r1)
0x0040003c:  stw     r27,284(r1)
0x00400040:  stw     r28,288(r1)
0x00400044:  stw     r29,292(r1)
0x00400048:  stw     r30,296(r1)
0x0040004c:  stw     r31,300(r1)
0x00400050:  stw     r0,308(r1)
0x00400054:  stw     r12,232(r1)
0x00400058:  li      r22,0
0x0040005c:  li      r9,128
0x00400060:  mr      r26,r5
0x00400064:  mr      r25,r6
0x00400068:  stw     r22,0(r9)
0x0040006c:  li      r31,0
0x00400070:  mfmsr   r20
0x00400074:  ori     r20,r20,12288
0x00400078:  mtmsr   r20
that is, after saving registers to the stack it writes 0 to 0x80 which overwrites part of the exception_return code of openbios so the next time it gets a DSI exception and is trying to run this code it leads to an invalid opcode exception and that's it. Here are the exceptions and how the last one fails: 

Raise exception at 00400000 => 00000002 (00)
Raise exception at 00400050 => 00000002 (00)
Raise exception at 00400068 => 00000002 (00)
Raise exception at 00441b18 => 00000002 (00)
IN:
0x00000300:  b       0x238c             ; @ real_dsi(t)

IN:
0x0000238c:  mtsprg  1,r1
0x00002390:  mfcr    r1
[...]
0x00002410:  addi    r1,r1,-16
0x00002414:  b       0xc                ; @ call_dsi_exception(t)

IN:
0x0000000c:  lis     r3,-15
0x00000010:  addi    r3,r3,-31588
0x00000014:  mtctr   r3
0x00000018:  bctrl

IN:
0xfff0849c:  mflr    r0         ; dsi_exception(T)
0xfff084a0:  stwu    r1,-32(r1)
0xfff084a4:  stw     r31,28(r1)
0xfff084a8:  stw     r0,36(r1)
0xfff084ac:  mfdar   r31
0xfff084b0:  mfdsisr r9
0xfff084b4:  addi    r4,r1,8
0xfff084b8:  mr      r3,r31
0xfff084bc:  bl      0xfff08094         ; @ ea_to_phys(t)

IN:
0xfff08094:  lis     r9,-17             ; ea_to_phys(t)
0xfff08098:  mflr    r0
[...]
0xfff080b4:  mr      r30,r4
0xfff080b8:  ble+    cr7,0xfff080d4

IN:
0xfff080d4:  bl      0xfff0fc50         ; @ ofmem_translate(T)

IN:
0xfff0fc50:  mflr    r0         ; ofmem_translate(T)
0xfff0fc54:  stwu    r1,-16(r1)
0xfff0fc58:  stmw    r30,8(r1)
0xfff0fc5c:  mr      r31,r3
0xfff0fc60:  stw     r0,20(r1)
0xfff0fc64:  mr      r30,r4
0xfff0fc68:  bl      0xfff08058         ; @ ofmem_arch_get_private(T)

IN:
0xfff08058:  mfsdr1  r3         ; ofmem_arch_get_private(T)
0xfff0805c:  rlwinm  r3,r3,0,0,15
0xfff08060:  addis   r3,r3,-26
0xfff08064:  addi    r3,r3,-32768
0xfff08068:  blr

IN:
0xfff0fc6c:  lwz     r9,24(r3)
[...]
0xfff084cc:  bl      0xfff08148         ; @ hash_page(t)

IN:
0xfff08148:  mflr    r0         ; hash_page(t)
0xfff0814c:  stwu    r1,-64(r1)
[...]
0xfff08350:  tlbie   r30
0xfff08354:  addi    r11,r1,64
0xfff08358:  b       0xfff25f30         ; @ _restgpr_25_x(T)

IN:
0xfff25f30:  lwz     r25,-28(r11)               ; _restgpr_25_x(T)
0xfff25f34:  lwz     r26,-24(r11)               ; _restgpr_26_x(T)
0xfff25f38:  lwz     r27,-20(r11)               ; _restgpr_27_x(T)
0xfff25f3c:  lwz     r28,-16(r11)               ; _restgpr_28_x(T)
0xfff25f40:  lwz     r29,-12(r11)               ; _restgpr_29_x(T)
0xfff25f44:  lwz     r30,-8(r11)                ; _restgpr_30_x(T)
0xfff25f48:  lwz     r0,4(r11)          ; _restgpr_31_x(T)
0xfff25f4c:  lwz     r31,-4(r11)
0xfff25f50:  mtlr    r0
0xfff25f54:  mr      r1,r11
0xfff25f58:  blr

IN:
0xfff084d0:  addi    r11,r1,32
0xfff084d4:  b       0xfff25f48         ; @ _restgpr_31_x(T)

IN:
0xfff25f48:  lwz     r0,4(r11)          ; _restgpr_31_x(T)
0xfff25f4c:  lwz     r31,-4(r11)
0xfff25f50:  mtlr    r0
0xfff25f54:  mr      r1,r11
0xfff25f58:  blr

IN:
0x0000001c:  b       0x34               ; @ exception_return(t)

invalid/unsupported opcode: 00 - 00 - 00 (00000000) 00000080 0
IN:
0x00000034:  addi    r1,r1,16
0x00000038:  lwz     r0,52(r1)
0x0000003c:  mtlr    r0
0x00000040:  lwz     r0,56(r1)
0x00000044:  mtcr    r0
0x00000048:  lwz     r0,60(r1)
0x0000004c:  mtctr   r0
0x00000050:  lwz     r0,64(r1)
0x00000054:  mtxer   r0
0x00000058:  lwz     r0,0(r1)
0x0000005c:  lwz     r2,8(r1)
0x00000060:  lwz     r3,12(r1)
0x00000064:  lwz     r4,16(r1)
0x00000068:  lwz     r5,20(r1)
0x0000006c:  lwz     r6,24(r1)
0x00000070:  lwz     r7,28(r1)
0x00000074:  lwz     r8,32(r1)
0x00000078:  lwz     r9,36(r1)
0x0000007c:  lwz     r10,40(r1)
0x00000080:  .long 0x0          ; @ _end(T)

Raise exception at 00000084 => 00000006 (21)
IN:
0x00000700:  bl      0x90               ; @ trap_error(t)

IN:
0x00000090:  lis     r1,-32768
0x00000094:  add.    r1,r1,r1
0x00000098:  beq-    0xa8               ; @ ofmem_init(T)

IN:
0x000000a8:  mflr    r3
0x000000ac:  lis     r4,-15
0x000000b0:  addi    r4,r4,-29180
0x000000b4:  mtctr   r4
0x000000b8:  bctr

IN:
0xfff08e04:  mflr    r0         ; unexpected_excep(T)

Here is the exception return code before it is overwritten:

IN:
0x00000034:  addi    r1,r1,16
0x00000038:  lwz     r0,52(r1)
0x0000003c:  mtlr    r0
0x00000040:  lwz     r0,56(r1)
0x00000044:  mtcr    r0
0x00000048:  lwz     r0,60(r1)
0x0000004c:  mtctr   r0
0x00000050:  lwz     r0,64(r1)
0x00000054:  mtxer   r0
0x00000058:  lwz     r0,0(r1)
0x0000005c:  lwz     r2,8(r1)
0x00000060:  lwz     r3,12(r1)
0x00000064:  lwz     r4,16(r1)
0x00000068:  lwz     r5,20(r1)
0x0000006c:  lwz     r6,24(r1)
0x00000070:  lwz     r7,28(r1)
0x00000074:  lwz     r8,32(r1)
0x00000078:  lwz     r9,36(r1)
0x0000007c:  lwz     r10,40(r1)
0x00000080:  lwz     r11,44(r1)
0x00000084:  lwz     r12,48(r1)
0x00000088:  lwz     r1,4(r1)
0x0000008c:  rfi
Apparently this does not happen on real hardware but I don't know if it's an openbios or qemu problem. Does anyone with more knowledge about all this has any idea how to overcome this?
(I've also noticed that qemu-system-ppc64 does not seem to work on qemu master but this seems to be fixed on qemu ppc-next.) 

Regards,
BALATON Zoltan
reply via email to
[Prev in Thread] Current Thread [Next in Thread]